In linphone 0.11.0 there's a memory referencing problem during
INVITEs with authorization.
Basically, the second INVITE overwrites the Dialog's pointer to the
first INVITE Transaction, but does not clear the first INVITE
Transaction's pointer back to the Dialog.
If the call is very brief, the Dialog will be destroyed before
the first INVITE Transaction terminates (via TIMEOUT_D), at which
point the destroyed Dialog is referenced in ua_transaction_free.
A patch for uatransaction.c is attached.
I'm also worried about multithread safety. Osip appears protected,
coreapi appears protected, but osipua does not. What stops both
the sipd_thread and the ui driven thread(s?) from mucking about
with osipua stuff at the same time?
-troy
------------------------------------------------------------------------
diff -a -u -r1.1 -r1.3
--- uatransaction.c 2003/06/06 18:58:12 1.1
+++ uatransaction.c 2004/02/20 22:09:21 1.3
@@ -132,6 +132,8 @@
void ua_transaction_set_incoming_invite_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->inc_invite_tr)
+ call->inc_invite_tr->your_instance = NULL;
call->inc_invite_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
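Review bot: The detach of the previously attached transaction (`if (call->inc_invite_tr) call->inc_invite_tr->your_instance = NULL;`) is copied verbatim into all seven setters (this hunk and the ones for the outgoing invite, both bye, register and both cancel slots) with no comment saying why. A setter added later can easily miss it and reintroduce the dangling back-pointer. I would move it into one file-local helper, e.g. `static void ua_transaction_detach(transaction_t *old) { if (old) old->your_instance = NULL; }`, called at the top of each setter with a comment such as `/* the replaced transaction may outlive the dialog; drop its back-pointer */`. Each setter's body continues past the end of its hunk.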
@@ -140,6 +142,8 @@
void ua_transaction_set_outgoing_invite_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->out_invite_tr)
+ call->out_invite_tr->your_instance = NULL;
call->out_invite_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -148,6 +152,8 @@
void ua_transaction_set_incoming_bye_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->inc_bye_tr)
+ call->inc_bye_tr->your_instance = NULL;
call->inc_bye_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -156,6 +162,8 @@
void ua_transaction_set_outgoing_bye_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->out_bye_tr)
+ call->out_bye_tr->your_instance = NULL;
call->out_bye_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -164,6 +172,8 @@
void ua_transaction_set_outgoing_register_tr(transaction_t *trn,OsipDialog
*call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->out_register_tr)
+ call->out_register_tr->your_instance = NULL;
call->out_register_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -172,6 +182,8 @@
void ua_transaction_set_outgoing_cancel_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->out_cancel_tr)
+ call->out_cancel_tr->your_instance = NULL;
call->out_cancel_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -180,6 +192,8 @@
void ua_transaction_set_incoming_cancel_tr(transaction_t *trn,OsipDialog *call)
{
OsipUA *ua = osip_dialog_get_ua (call);
+ if (call->inc_cancel_tr)
+ call->inc_cancel_tr->your_instance = NULL;
call->inc_cancel_tr = trn;
trn->your_instance=call;
transaction_set_out_socket(trn,ua->manager->send_sock);
@@ -251,6 +265,8 @@
}else if (transaction==call->inc_cancel_tr){
call->inc_cancel_tr = NULL;
}
+ transaction->your_instance=NULL;
+
/* now if it was the last active transaction of the dialog, delete the
dialog*/
if (call->out_invite_tr==NULL && call->inc_invite_tr==NULL &&
call->out_bye_tr==NULL && call->inc_bye_tr==NULL &&
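Review bot: With the setters now leaving replaced transactions with `your_instance == NULL`, the `transaction==call->...` chain above the added line will dereference `call` for such a transaction unless the function checks for NULL first. That check is not visible here, because the function starts before the hunk. If `call` is taken from `transaction->your_instance` (not shown in the hunk), a guard such as `if (call == NULL) return;` is needed before the chain, placed after whatever cleanup the transaction itself still requires. Other callbacks that read `your_instance` would presumably need the same check.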
------------------------------------------------------------------------